Pandora Sourcecodes - pandora-kernel.git/commit

author	Shuah Khan <shuahkh@osg.samsung.com>
	Thu, 7 Dec 2017 21:16:49 +0000 (14:16 -0700)
committer	Ben Hutchings <ben@decadent.org.uk>
	Tue, 13 Feb 2018 18:32:23 +0000 (18:32 +0000)
commit	11406025161a8745167414687bca1f8c04b5eb6c
tree	7635b18fba9e826bc765fa01deb4371fc2044567	tree \| snapshot
parent	629f509078f02bf65da3ecca8363104b08a3fdd7	commit \| diff

usbip: prevent vhci_hcd driver from leaking a socket pointer address

commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 upstream.

When a client has a USB device attached over IP, the vhci_hcd driver is
locally leaking a socket pointer address via the

/sys/devices/platform/vhci_hcd/status file (world-readable) and in debug
output when "usbip --debug port" is run.

Fix it to not leak. The socket pointer address is not used at the moment
and it was made visible as a convenient way to find IP address from socket
pointer address by looking up /proc/net/{tcp,tcp6}.

As this opens a security hole, the fix replaces socket pointer address with
sockfd.

Reported-by: Secunia Research <vuln@secunia.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[bwh: Backported to 3.2:
- usbip port status does not include hub type
- Adjust filenames, context, indentation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

drivers/staging/usbip/usbip_common.h		diff \| blob \| history
drivers/staging/usbip/userspace/libsrc/vhci_driver.c		diff \| blob \| history
drivers/staging/usbip/vhci_sysfs.c		diff \| blob \| history